EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElSSHServer.AuthFailed never called

#28956
Posted: 03/25/2014 21:10:46
by steve cook (Standard support level)
Joined: 11/15/2013
Posts: 11

I want to make sure that any socket/ssh session is terminated immediately if authentication fails, and also give the connection a timeout.

1) How do you set an authentication timeout?

2) OnAuthFailed never seems to be called for a failed password authentication. Is this supposed to work? Also, is there any way to stop it asking for multiple authentication attempts or limit the number of retries?


Some example code that illustrates the problem with OnAuthFailed:

Code
            // Set up the server and subscribe to its events.
            srv = new TElSSHServer();
            srv.OnAuthAttempt += srv_OnAuthAttempt;
            srv.OnAuthFailed += srv_OnAuthFailed;
            srv.OnAuthPassword += srv_OnAuthPassword;
            srv.OnCloseConnection += srv_OnCloseConnection;
            srv.OnError += srv_OnError;
            srv.OnReceive += srv_OnReceive;
            srv.OnSend += srv_OnSend;
            srv.Open();

        void srv_OnError(object Sender, int ErrorCode)
        {
            Debug.WriteLine("srv_OnError");
        }

        void srv_OnCloseConnection(object Sender)
        {
            Debug.WriteLine("srv_OnCloseConnection");
            // Close the underlying socket when the SSH session ends.
            m_Socket.Close();
        }

        void srv_OnAuthAttempt(object Sender, string Username, int AuthType, ref bool Accept)
        {
            Debug.WriteLine("srv_OnAuthAttempt");
            // Allow only password authentication.
            Accept = false;
            if (AuthType == SBSSHConstants.Unit.SSH_AUTH_TYPE_PASSWORD)
                Accept = true;
        }

        void srv_OnAuthPassword(object Sender, string Username, string Password, ref bool Accept, ref bool ForceChangePassword)
        {
            Debug.WriteLine("srv_OnAuthPassword");
            // Reject every password: in this test all logins should fail.
            Accept = false;
        }

        void srv_OnAuthFailed(object Sender, int AuthenticationType)
        {
            // Never reached after a rejected password (the problem being reported).
            Debug.WriteLine("srv_OnAuthFailed");
        }


I then connect with PuTTY and get the password prompt. When I type in a user/password (in this case, all logins should fail), srv_OnAuthPassword is called and sets Accept=false; however, srv_OnAuthFailed is never called. The client then just gets prompted again for the password, e.g.:

Quote

login as:
@127.0.0.1's password:
Access denied
@127.0.0.1's password:
Access denied
@127.0.0.1's password:
Access denied
@127.0.0.1's password:
#28957
Posted: 03/26/2014 02:32:57
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Quote
1) How do you set an authentication timeout?

You can put the corresponding code inside the TElSSHServer.OnAuthAttempt handler.

Quote
2) OnAuthFailed never seems to be called for a failed password authentication. Is this supposed to work? Also, is there any way to stop it asking for multiple authentication attempts or limit the number of retries?

Indeed, OnAuthFailed is not fired. We'll fix this. Currently you can try to stop asking for auth. attempts by setting Accept to 'false' inside the TElSSHServer.OnAuthAttempt handler.
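The workaround described in the reply, as an added example that is not code from either poster or from EldoS: since OnAuthFailed is not fired, the application counts rejected passwords itself and uses that state to decide the value of Accept in OnAuthAttempt. `AuthGuard`, its method names and the limits (3 failures, 30 seconds) are assumptions made for illustration; the handlers named in the comments are the ones from the first post.

```csharp
using System;
using System.Diagnostics;

// Hypothetical helper (not a SecureBlackbox type): one instance per accepted connection.
sealed class AuthGuard
{
    private readonly int _maxFailures;
    private readonly TimeSpan _window;
    private readonly Stopwatch _clock = Stopwatch.StartNew(); // monotonic, unaffected by clock changes
    private int _failures;

    public AuthGuard(int maxFailures, TimeSpan window)
    {
        _maxFailures = maxFailures;
        _window = window;
    }

    // Call from srv_OnAuthAttempt: may this connection try to authenticate again?
    public bool MayAttempt()
    {
        return _failures < _maxFailures && _clock.Elapsed < _window;
    }

    // Call from srv_OnAuthPassword after the credential check.
    // Returns true when the caller should now close the connection.
    public bool Record(bool passwordOk)
    {
        if (!passwordOk) _failures++;
        return !passwordOk && !MayAttempt();
    }
}

static class Demo
{
    static void Main()
    {
        var guard = new AuthGuard(maxFailures: 3, window: TimeSpan.FromSeconds(30));
        // Constructed sequence: four wrong passwords from one client.
        for (int i = 1; i <= 4; i++)
        {
            bool accept = guard.MayAttempt();          // value to assign to Accept in OnAuthAttempt
            bool close = accept ? guard.Record(false)  // OnAuthPassword rejected the password
                                : true;                // attempt refused outright: close the socket
            Console.WriteLine("attempt {0}: Accept={1} close={2}", i, accept, close);
        }
    }
}
```

The time window is only checked when the client makes an attempt, so a client that connects and then sends nothing still needs a separate timer that closes the socket.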

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
